All the latest UK technology news, reviews and analysis
|
|
|
12 Oct 2005
Microsoft has released eight security patches, three of which carry the firm's highest severity rating of 'critical' indicating that a system can be remotely hacked without requiring any user interaction.
In addition to the critical flaws, four fixes are rated 'important' and two 'moderate'. Except for one patch issued for Exchange and Windows, all fixes affect the Windows operating system.
The critical patches affect DirectX versions 7.0 to 8.1, Internet Explorer 5.01 to 6.0 and the MSDTC and Com+ components of Windows XP, 2000 and 2003.
DirectX is a tool that helps a computer display images. The reported flaw allows a hacker to gain control over a system if the user opens a specially crafted .avi video file. This could be exploited by persuading a user to follow a link sent in an email.
The Internet Explorer vulnerability leaves the application open to a buffer overflow which could cause the application to unexpectedly quit and allow the attacker to execute arbitrary code.
Virus researcher Ero Carrera, from security provider F-Secure, warned on his blog that the three critical holes "might end up being used with malicious intent against unpatched systems".
After Microsoft released a patch for a critical flaw in August, hackers needed only a few days to create malware that exploited the vulnerability.
The subsequent worm outbreak wreaked havoc across the internet and affected s everal corporations. Authorities succeeded in tracking down the culprits who are currently being held in Turkish and Moroccan jails.
While the updates repair some problems in the Microsoft software, many security vulnerabilities remain unfixed.
Security website Secunia reported 69 security advisories for Internet Explorer 6 alone, of which 29 per cent remain unpatched while 13 per cent have been repaired only partially.
The Microsoft advisories and patches are available here:
Latest stories from Operating Systems
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Onsite IT Support Technician / Manager - Leek - circa...
Lead Infrastructure Engineer (Microsoft) – Hosted Services...
Hi Greetings, Job Title : Business Analyst Location...
Magento Senior Developer, London : Magento / PHP / CSS...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?